73 lines
1.1 KiB
Bash
Executable File
73 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Title: TCPDump
|
|
# Description: Dumps networking-data to USB storage. Completes on button-press or storage full.
|
|
# Author: Hak5
|
|
# Version: 1.0
|
|
# Category: sniffing
|
|
# Target: Any
|
|
# Net Mode: TRANSPARENT
|
|
|
|
# LEDs
|
|
# SUCCESS: Dump complete
|
|
# FAIL: No USB storage found
|
|
|
|
function monitor_space() {
|
|
while true
|
|
do
|
|
[[ $(USB_FREE) -lt 10000 ]] && {
|
|
kill $1
|
|
LED G SUCCESS
|
|
sync
|
|
break
|
|
}
|
|
sleep 5
|
|
done
|
|
}
|
|
|
|
function finish() {
|
|
# Kill TCPDump and sync filesystem
|
|
kill $1
|
|
wait $1
|
|
sync
|
|
|
|
# Indicate successful shutdown
|
|
LED R SUCCESS
|
|
sleep 1
|
|
|
|
# Halt the system
|
|
LED OFF
|
|
halt
|
|
}
|
|
|
|
function run() {
|
|
# Create loot directory
|
|
mkdir -p /usb/loot/tcpdump &> /dev/null
|
|
|
|
# Set networking to TRANSPARENT mode and wait five seconds
|
|
NETMODE TRANSPARENT
|
|
sleep 5
|
|
|
|
LED ATTACK
|
|
|
|
# Start tcpdump on the bridge interface
|
|
tcpdump -i br-lan -s 0 -w /usb/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
|
|
tpid=$!
|
|
|
|
# Wait for button to be pressed (disable button LED)
|
|
NO_LED=true BUTTON
|
|
finish $tpid
|
|
}
|
|
|
|
|
|
# This payload will only run if we have USB storage
|
|
|
|
# Wait for the USB drive
|
|
USB_WAIT
|
|
|
|
LED ATTACK
|
|
run &
|
|
monitor_space $! &
|
|
|
|
wait
|